This Lecture Covers Roles of Management IT Personnel Users Internal Auditors External Auditors Senior Mgmt Role in IS Planning and coordinating - financial and resource planning; synchronizing and harmonizing - especially important due to rapid IT change, major systems expected life could be 5 yrs - use of steering committees - assimilate IT function into entity - ensure there is mutual understanding/communication between IT and others Organizing and staffing - provide appropriate organizational structure and adequate segregation of duties with programming and system design being separate from operations, need adequate training, career paths - 3 functions - operations, dev/mtnce, innovation Senior Mgmt Role in IS Directing and Leading - Ensuring proper standards System design and analysis - to ensure well organized approach and to ensure that accounting records are accurate and reliable - without them wrong equip, software, excessive reliance on one person Standards for programming - defining each persons responsibilities and how they are to be attained - without them can be logic errors, loss of audit trail, - include structure requirements, testing procedures and documentation Standards for processing - to prevent loss/manipulation of data - procedures for data conversion, data control, computer operations and file storage and control. Senior Mgmt Role in IS Standards for documentation needed at system level - to facilitate maintenance and ensure that effective systems developed at program level - to make sure source code maintained, control unauthorized changes at operations level - to make sure processing errors can't go undetected at user level - to decrease user error rates, turnover, etc. A: Enterprise-wide risk culture to support identification, assessment and management of IT risk B: Manage IT risk at all levels C: Effective/efficient IT planning process D: IT strategic and tactical plans integrated with business plans E: Develop and communicate IT strategic and tactical plans F: Implement IT plans and monitor results G: Measure IT performance Risk Management Control Financial control - use budgets (costs and times), schedules, etc. - make sure IT is separate cost control and is accountable Reliable systems availability security integrity maintainability Roles of IT Personnel CIO appointment IS Development and Acquisition - project mgmt, system investigation, requirement analysis/ initial design, development, implementation and maintenance Info Sys Opn - production (data/workflow), operations, facility planning and processing support IS support - security, dbase administration, continuity/disaster recovery planning Role of Users Ensure app controls are performed Get involved in system development - make sure needs addressed, etc. Increasing control over own environment Role of Internal Audit Key monitoring role Preventive approach to IS auditing Various levels of involvement from just reviewing general controls and security to testing general/application controls, testing new system development, testing transactions using embedded audit routines, audit software Role of External Audit Limited time for systems Increasing reliance on I/A Still try to audit around computer at times But, new assurance services SysTrust WebTrust External Auditor Increased participation in systems development assess adequacy of IC in new system assess adequacy of mgmt trails assess appropriateness of acct principles supplemental communication link - mgmt and IS assess compliance with sys. dev. standards monitor systems conversions monitor adequacy of IC once system implemented (post implementation)